author | Joel Stanley <joel@jms.id.au> | 2022-05-09 11:22:03 +0300 |
---|---|---|
committer | Joel Stanley <joel@jms.id.au> | 2022-05-10 01:37:03 +0300 |
commit | d30febe3929af749a8050d5979b2ae0bfac9b041 (patch) | |
tree | 8e5d32288f9e725b79aa1112f487e5300806fcc5 | |
parent | 13bb84dc4a8eee75c0dfd79916e073f93e45cf81 (diff) | |
download | openbmc-d30febe3929af749a8050d5979b2ae0bfac9b041.tar.xz |
u-boot-aspeed: Disable backdoor interfaces

This is a version of the CVE-2019-6260 "pantsdown" mitigations for the
v2019.04 u-boot branch. The SuperIO and debug UART backdoors can be
optionally enabled through u-boot build time configuration, but default
to disabled as long as your machine uses the common board_init.

These changes are relevant for the AST2400 and the AST2500 only.

If your machine relies on these features to boot, look at the options in
this patch:

https://lore.kernel.org/openbmc/20220504004739.15829-1-zev@bewilderbeest.net/

See this email for instructions on how to test:

https://lore.kernel.org/openbmc/CACPK8XfYuWT9Q5G_bo9AGugx-DcODDZ8xb39Sr+Sa8qWqVeW6A@mail.gmail.com/

Thank you to Zev for the work on this patch.

Zev Weiss (1):
      aspeed: Disable backdoor interfaces

Change-Id: I4ebeae13047b8c32f2d9324d4ef9c6f98c6f4a60
Signed-off-by: Joel Stanley <joel@jms.id.au>
-rw-r--r-- | meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc index 8efeaed564..6a43de2c1e 100644 --- a/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc +++ b/meta-aspeed/recipes-bsp/u-boot/u-boot-common-aspeed-sdk_2019.04.inc @@ -8,7 +8,7 @@ PE = "1" # We use the revision in order to avoid having to fetch it from the # repo during parse -SRCREV = "21fa3f3380749b5bfda4d95230d2911671cf3fcf" +SRCREV = "8dfce92d376f0fb20feecf3eb94df88ce0249d76" SRC_URI = "git://git@github.com/openbmc/u-boot.git;nobranch=1;protocol=https" S = "${WORKDIR}/git" |
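Review bot: On the SRCREV line, the new revision 8dfce92d376f0fb20feecf3eb94df88ce0249d76 is pinned while the SRC_URI context line in the same hunk keeps nobranch=1, so the fetcher does not check that the revision sits on the v2019.04 branch the commit message names. Since this one-line bump is what delivers the CVE-2019-6260 mitigation, it is worth confirming the revision is reachable from that branch and contains only the single "aspeed: Disable backdoor interfaces" change listed in the message. The message also says the SuperIO and debug UART interfaces default to disabled only for machines that use the common board_init, so it would help to state which machines, if any, have their own board init and are therefore not covered by the new default.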